From 831ec205f6d947e8d9435d9d5e2ba1557b3c08be Mon Sep 17 00:00:00 2001 From: Matthew Miller Date: Tue, 11 Feb 2025 16:14:48 -0800 Subject: [PATCH 1/2] Define new `rpId` in Credential Record --- index.bs | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/index.bs b/index.bs index a1333504d..4d996879a 100644 --- a/index.bs +++ b/index.bs @@ -1127,6 +1127,12 @@ BCP 14 [[!RFC2119]] [[!RFC8174]] when, and only when, they appear in all capital when the [=public key credential source=] was [=registration|registered=]. Storing this in combination with the above [$credential record/attestationObject$] [=struct/item=] enables the [=[RP]=] to re-verify the [=attestation signature=] at a later time. + + : rpId + :: The value of the {{PublicKeyCredentialCreationOptions/rp}}.{{PublicKeyCredentialRpEntity/id}} parameter + specified in the {{CredentialsContainer/create()}} operation during credential registration. + Storing this enables the [=[RP]=] to use the credential across different domains later + via [[#sctn-related-origins|Related Origins]]. [=WebAuthn extensions=] MAY define additional [=struct/items=] needed to process the extension. From 86b00533e9b3ff5afea709392d890f149bccc1ea Mon Sep 17 00:00:00 2001 From: Matthew Miller Date: Tue, 11 Feb 2025 16:15:02 -0800 Subject: [PATCH 2/2] Populate rpId during registration --- index.bs | 3 +++ 1 file changed, 3 insertions(+) diff --git a/index.bs b/index.bs index 4d996879a..88ea1a362 100644 --- a/index.bs +++ b/index.bs @@ -6042,6 +6042,9 @@ a numbered step. If outdented, it (today) is rendered as a bullet in the midst o : [$credential record/attestationClientDataJSON$] :: |response|.{{AuthenticatorResponse/clientDataJSON}}. + + : [$credential record/rpId$] + :: |pkOptions|.{{PublicKeyCredentialCreationOptions/rp}}.{{PublicKeyCredentialRpEntity/id}} The [=[RP]=] MAY also include any additional [=struct/items=] as necessary.
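Review bot: In patch 1/2 (index.bs, hunk at -1127), the rationale sentence of the new `: rpId` item does not say how the stored value is used. "use the credential across different domains later" leaves the reader to guess that this is the RP ID the [=[RP]=] needs to supply again when the credential is exercised from a related origin. Suggest saying that explicitly, so implementers know the value must be stored exactly as it was at registration and not re-derived from whichever origin is making the later request. Also, the term is shown here as bare `: rpId`, while patch 2/2 links to it as `[$credential record/rpId$]`. Please confirm it carries the same definition markup as the sibling credential record items so that reference resolves.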
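Review bot: In patch 2/2 (index.bs, hunk at -6042), the new `[$credential record/rpId$]` step reads `|pkOptions|.rp.id` directly, but that member is optional in the creation options, so the step as written can record an empty value for any [=[RP]=] that relied on the default. Suggest wording the step to store the RP ID the ceremony actually used (the explicit `rp.id` when present, otherwise the defaulted value), ideally the same value the registration procedure already checks against the authenticator data. The definition in patch 1/2 ("The value of the ... parameter specified in the create() operation") has the same gap and should be aligned with whatever wording is chosen here.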